Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/0841b5-1955-4f00-8bf1-289f95893e84/1/rQ8HP-1CHQ2WJh4AZ9S-FHE5GNI.roa
File:                     rQ8HP-1CHQ2WJh4AZ9S-FHE5GNI.roa (raw, json)
Hash identifier:          2H9ylgH0h8jNYwcMQW9wprZPjTTUA+nJy+8c2P6cl8k=
Subject key identifier:   AD:0F:07:3F:ED:42:1D:0D:96:26:1E:00:67:D4:BE:14:71:39:18:D2
Certificate issuer:       /CN=0fe1a7b6a6b85b3c3267c803996ed818a4a66479
Certificate serial:       019B7EA717741DEF9BFA1EB6865928461EE2
Authority key identifier: 0F:E1:A7:B6:A6:B8:5B:3C:32:67:C8:03:99:6E:D8:18:A4:A6:64:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-Gntqa4WzwyZ8gDmW7YGKSmZHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/0841b5-1955-4f00-8bf1-289f95893e84/1/rQ8HP-1CHQ2WJh4AZ9S-FHE5GNI.roa
Signing time:             Fri 02 Jan 2026 12:20:38 +0000
ROA not before:           Fri 02 Jan 2026 12:20:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48654
IP address blocks:        91.211.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/0841b5-1955-4f00-8bf1-289f95893e84/1/D-Gntqa4WzwyZ8gDmW7YGKSmZHk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/0841b5-1955-4f00-8bf1-289f95893e84/1/D-Gntqa4WzwyZ8gDmW7YGKSmZHk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D-Gntqa4WzwyZ8gDmW7YGKSmZHk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:17:74:1d:ef:9b:fa:1e:b6:86:59:28:46:1e:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0fe1a7b6a6b85b3c3267c803996ed818a4a66479
        Validity
            Not Before: Jan  2 12:20:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad0f073fed421d0d96261e0067d4be14713918d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ec:05:d6:5d:33:47:8f:ef:30:0c:3b:08:f8:
                    9d:02:b3:a5:db:3e:70:a7:c3:dc:58:6e:3f:57:f6:
                    2c:b7:ac:54:8e:b8:d2:de:4b:57:d9:8e:ad:45:7f:
                    e4:6d:e1:aa:01:17:37:c4:91:05:60:bd:1e:25:5c:
                    10:3d:3e:a5:c2:0a:00:e7:40:1b:de:cd:81:81:9c:
                    0d:49:97:0f:91:d3:38:44:25:aa:b2:a6:65:3e:8f:
                    1d:ff:b9:62:98:60:3d:ef:2d:e1:06:35:78:72:4a:
                    35:91:2f:48:61:19:98:e3:f0:a5:80:60:b8:86:da:
                    ab:50:08:f5:7b:41:23:f0:ef:82:53:9b:39:f7:9e:
                    a7:27:19:14:e4:ed:0b:e4:e8:a6:e0:9e:45:0c:17:
                    df:e7:8b:5f:0a:ea:23:9b:1e:25:2a:03:0a:45:b0:
                    10:fe:1a:93:4b:23:d9:4c:dc:60:42:ee:52:82:4d:
                    21:3c:05:8b:b0:ad:7e:b2:93:73:2c:e3:35:33:a2:
                    16:87:f9:82:7d:0c:ff:e5:4d:2d:c7:55:0a:fa:6d:
                    2f:28:12:b3:50:e9:81:4a:3b:88:81:e8:15:e2:0b:
                    a9:2d:aa:54:cc:e6:a4:5c:e5:e4:bd:1a:ea:0b:05:
                    f6:4e:9c:e7:9e:ad:31:f7:08:1c:a6:74:48:5f:93:
                    40:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:0F:07:3F:ED:42:1D:0D:96:26:1E:00:67:D4:BE:14:71:39:18:D2
            X509v3 Authority Key Identifier:
                keyid:0F:E1:A7:B6:A6:B8:5B:3C:32:67:C8:03:99:6E:D8:18:A4:A6:64:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-Gntqa4WzwyZ8gDmW7YGKSmZHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/0841b5-1955-4f00-8bf1-289f95893e84/1/rQ8HP-1CHQ2WJh4AZ9S-FHE5GNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/0841b5-1955-4f00-8bf1-289f95893e84/1/D-Gntqa4WzwyZ8gDmW7YGKSmZHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:1d:3a:29:1b:c0:81:b4:d1:65:d3:dc:82:88:b9:4b:a3:60:
         d4:d8:15:bb:0b:ea:4b:cc:37:c3:68:bf:ae:4e:dd:e7:04:d9:
         f5:15:a9:d0:c3:0a:e1:c5:57:fe:be:b3:41:de:0c:70:f5:b5:
         f8:44:b5:a2:67:7b:9d:19:23:52:34:2f:ca:57:46:48:ad:bf:
         eb:a5:e2:8f:37:88:83:5f:31:c2:93:53:d2:1d:4d:b3:ea:60:
         be:5d:3e:a2:16:d1:ee:b5:48:5b:0b:c2:b6:45:6a:3a:56:cc:
         d4:d0:4a:d7:e7:52:c2:f3:ba:02:39:14:80:81:42:c3:b6:18:
         c3:12:98:3b:3d:9a:d8:0b:79:ca:58:e6:82:7e:2b:6a:0a:ea:
         11:19:0f:65:11:38:f7:0b:68:ef:3f:33:97:18:96:cd:3c:7f:
         26:2d:3f:76:df:c2:c1:38:ad:44:b3:05:5f:8c:c6:b9:7d:07:
         79:ad:27:e2:06:57:16:b5:fe:43:1b:33:35:9a:1b:c2:a0:78:
         38:be:91:64:24:e1:38:fe:cc:83:c6:82:f0:f5:95:07:68:5b:
         f6:f7:2b:d6:02:e5:ac:0b:de:1f:bd:9a:a5:b1:55:02:ea:5f:
         97:65:0a:2f:e6:3f:cb:1c:49:d0:e8:b3:b4:0d:1b:90:0c:45:
         69:a1:c8:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pxd0He+b+h62hlkoRh7iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZTFhN2I2YTZiODViM2MzMjY3YzgwMzk5NmVkODE4YTRh
NjY0NzkwHhcNMjYwMTAyMTIyMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDBmMDczZmVkNDIxZDBkOTYyNjFlMDA2N2Q0YmUxNDcxMzkxOGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uwF1l0zR4/vMAw7CPidArOl2z5w
p8PcWG4/V/Yst6xUjrjS3ktX2Y6tRX/kbeGqARc3xJEFYL0eJVwQPT6lwgoA50Ab
3s2BgZwNSZcPkdM4RCWqsqZlPo8d/7limGA97y3hBjV4cko1kS9IYRmY4/ClgGC4
htqrUAj1e0Ej8O+CU5s5956nJxkU5O0L5Oim4J5FDBff54tfCuojmx4lKgMKRbAQ
/hqTSyPZTNxgQu5Sgk0hPAWLsK1+spNzLOM1M6IWh/mCfQz/5U0tx1UK+m0vKBKz
UOmBSjuIgegV4gupLapUzOakXOXkvRrqCwX2Tpznnq0x9wgcpnRIX5NAcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0PBz/tQh0NliYeAGfUvhRxORjSMB8GA1UdIwQY
MBaAFA/hp7amuFs8MmfIA5lu2BikpmR5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC1HbnRxYTRXend5WjhnRG1XN1lHS1NtWkhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wODQxYjUtMTk1NS00ZjAwLThiZjEt
Mjg5Zjk1ODkzZTg0LzEvclE4SFAtMUNIUTJXSmg0QVo5Uy1GSEU1R05JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wODQxYjUtMTk1NS00ZjAwLThiZjEtMjg5Zjk1ODkzZTg0
LzEvRC1HbnRxYTRXend5WjhnRG1XN1lHS1NtWkhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9NoMA0G
CSqGSIb3DQEBCwUAA4IBAQB9HTopG8CBtNFl09yCiLlLo2DU2BW7C+pLzDfDaL+u
Tt3nBNn1FanQwwrhxVf+vrNB3gxw9bX4RLWiZ3udGSNSNC/KV0ZIrb/rpeKPN4iD
XzHCk1PSHU2z6mC+XT6iFtHutUhbC8K2RWo6VszU0ErX51LC87oCORSAgULDthjD
Epg7PZrYC3nKWOaCfitqCuoRGQ9lETj3C2jvPzOXGJbNPH8mLT9238LBOK1EswVf
jMa5fQd5rSfiBlcWtf5DGzM1mhvCoHg4vpFkJOE4/syDxoLw9ZUHaFv29yvWAuWs
C94fvZqlsVUC6l+XZQov5j/LHEnQ6LO0DRuQDEVpochD
-----END CERTIFICATE-----